Capture LLDP and CDP packets using tcpdump

LLDP
tcpdump -vv -s1500 -c1 'ether proto 0x88cc' -ni eth0
(matches on the EtherType 0x88cc at bytes 12-13 of the Ethernet header)

CDP
tcpdump -vv -s1500 -c1 'ether[20:2] == 0x2000' -ni eth0
(CDP rides in an 802.3 frame with an LLC/SNAP header: 14 bytes Ethernet + 3 bytes LLC + 3 bytes SNAP OUI puts the SNAP protocol ID 0x2000 at offset 20)

Both commands stop after one packet (-c1). Switches send LLDP every 30 seconds and CDP every 60 seconds by default, so expect to wait up to that long for the first advertisement.
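To see exactly which bytes those two filters test, here is an added example (not part of the original post) that builds one LLDP frame and one CDP frame from constructed data, applies the same checks the BPF expressions apply, and walks the LLDP TLVs. The MAC addresses, switch name, port name and TTL values are made up; the CDP checksum is left at zero because the frame is never sent.

```python
"""Added example, not from the original post: decode constructed LLDP and CDP
frames and check the same header bytes that the two tcpdump filters test.
Frame contents (MACs, names, TTLs) are made up for the demonstration."""
import struct

LLDP_ETHERTYPE = 0x88CC               # what 'ether proto 0x88cc' matches
CDP_SNAP_PID = 0x2000                 # what 'ether[20:2] == 0x2000' matches
CISCO_OUI = bytes.fromhex("00000c")


def is_lldp(frame: bytes) -> bool:
    """EtherType at bytes 12-13 of the Ethernet header equals 0x88CC."""
    return len(frame) >= 14 and struct.unpack("!H", frame[12:14])[0] == LLDP_ETHERTYPE


def snap_pid(frame: bytes) -> int:
    """The 2 bytes at offset 20: 14 B Ethernet + 3 B LLC (AA AA 03) + 3 B SNAP OUI."""
    return struct.unpack("!H", frame[20:22])[0]


def is_cdp(frame: bytes) -> bool:
    """Stricter form of 'ether[20:2] == 0x2000': also require an 802.3 length
    field (<= 1500, so LLC/SNAP follows) and Cisco's OUI in the SNAP header."""
    if len(frame) < 22:
        return False
    return (struct.unpack("!H", frame[12:14])[0] <= 1500
            and frame[14:17] == b"\xaa\xaa\x03"
            and frame[17:20] == CISCO_OUI
            and snap_pid(frame) == CDP_SNAP_PID)


def parse_lldp_tlvs(frame: bytes) -> list:
    """Walk the LLDPDU: each TLV is a 16-bit header (7-bit type, 9-bit length)
    followed by the value; the End-of-LLDPDU TLV (type 0) terminates it."""
    tlvs, off = [], 14
    while off + 2 <= len(frame):
        hdr = struct.unpack("!H", frame[off:off + 2])[0]
        ttype, tlen = hdr >> 9, hdr & 0x1FF
        value = frame[off + 2:off + 2 + tlen]
        if len(value) != tlen:
            raise ValueError("truncated LLDP TLV")
        tlvs.append((ttype, value))
        off += 2 + tlen
        if ttype == 0:
            break
    return tlvs


def lldp_summary(frame: bytes) -> dict:
    """Pull the mandatory TLVs (Chassis ID, Port ID, TTL) plus System Name."""
    out = {}
    for ttype, value in parse_lldp_tlvs(frame):
        if ttype == 1 and value[0] == 4:        # Chassis ID, subtype 4 = MAC address
            out["chassis_mac"] = value[1:].hex(":")
        elif ttype == 2 and value[0] == 5:      # Port ID, subtype 5 = interface name
            out["port"] = value[1:].decode("ascii")
        elif ttype == 3:                        # TTL: seconds the info stays valid
            out["ttl"] = struct.unpack("!H", value)[0]
        elif ttype == 5:                        # System Name
            out["sysname"] = value.decode("ascii")
    return out


def _tlv(ttype: int, value: bytes) -> bytes:
    return struct.pack("!H", (ttype << 9) | len(value)) + value


# Constructed frames. LLDP goes to 01:80:c2:00:00:0e with EtherType 0x88CC;
# CDP goes to 01:00:0c:cc:cc:cc in an 802.3 frame with an LLC/SNAP header.
SRC_MAC = bytes.fromhex("001122334455")
LLDP_FRAME = (bytes.fromhex("0180c200000e") + SRC_MAC + struct.pack("!H", LLDP_ETHERTYPE)
              + _tlv(1, b"\x04" + SRC_MAC)
              + _tlv(2, b"\x05Gi1/0/1")
              + _tlv(3, struct.pack("!H", 120))
              + _tlv(5, b"sw-core-01")
              + _tlv(0, b""))

_LLC_SNAP = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", CDP_SNAP_PID)
# CDPv2 header: version 2, holdtime 180 s, checksum (left 0 here), then a Device ID TLV.
_CDP_BODY = b"\x02\xb4\x00\x00" + struct.pack("!HH", 0x0001, 4 + 10) + b"sw-core-01"
CDP_FRAME = (bytes.fromhex("01000ccccccc") + SRC_MAC
             + struct.pack("!H", len(_LLC_SNAP) + len(_CDP_BODY)) + _LLC_SNAP + _CDP_BODY)

# An ordinary IPv4 frame (EtherType 0x0800) that neither filter should match.
IP_FRAME = bytes.fromhex("ffffffffffff") + SRC_MAC + b"\x08\x00" + bytes(20)

if __name__ == "__main__":
    for name, frame in [("lldp", LLDP_FRAME), ("cdp", CDP_FRAME), ("ip", IP_FRAME)]:
        print(name, "lldp" if is_lldp(frame) else "-", "cdp" if is_cdp(frame) else "-")
    print(lldp_summary(LLDP_FRAME))
```

The one-line tcpdump filter for CDP only looks at offset 20; a random frame carrying 0x2000 there would also match, which is why is_cdp above additionally checks the 802.3 length field, the LLC bytes and the Cisco OUI.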


Network service troubleshooting and port scanning

At a former workplace, the DB2 team were furious because they couldn't connect to the database remotely. They had been constantly trying to telnet into a port on the server and couldn't. The server wasn't listening on the port they were trying to telnet into. They had rebooted the server twice and nobody thought of checking the listening ports. The solution was a simple restart of the DB service.

Ping the server. If the server does not respond to ping, access it out of band, by way of RDP, IMM, RSA, CIMC or the UCS Manager KVM console, and troubleshoot from there (keep in mind that a host which filters ICMP will not answer ping even though it is up). If the server does reply to ping, scan the port. If the port is closed, log in to the server and check what is actually listening, and on which address: a service bound only to 127.0.0.1 will refuse remote clients even though it is running.
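The triage above as an added example (not code from the original post): ping first, then probe the TCP port and distinguish refused from silently dropped, then the server-side check the DB2 team skipped, reading `ss -ltn` to see whether anything listens on the port and on which address. The `ss` output below is constructed, and port 50000 is an assumed database port, not one the post names.

```python
"""Added example, not from the original post: ping, then TCP probe, then the
server-side 'is anything listening on that port?' check."""
import socket
import subprocess


def host_pingable(host: str, timeout_s: int = 2) -> bool:
    """One ICMP echo request (Linux ping flags). False also when the host is up
    but filters ICMP, so a False here is a reason to use the console, not proof
    that the box is down."""
    r = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), host],
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return r.returncode == 0


def port_open(host: str, port: int, timeout_s: float = 3.0) -> str:
    """Return 'open' (handshake completed), 'closed' (RST came back),
    'filtered' (nothing came back within the timeout) or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def listening_on(port: int, ss_output: str) -> list:
    """Parse `ss -ltn` text and return the bind addresses of LISTEN sockets on
    `port`. [] means nothing listens (restart the service); only '127.0.0.1' or
    '[::1]' means the service is up but bound to loopback."""
    binds = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, p = fields[3].rpartition(":")       # handles 0.0.0.0:22 and [::]:22
        if p == str(port):
            binds.append(addr)
    return binds


def live_listening_on(port: int) -> list:
    """Run ss on this (Linux) host and parse it."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return listening_on(port, out)


def triage(host: str, port: int) -> str:
    """The post's decision tree as one call, run from the client side."""
    if not host_pingable(host):
        return "no ping reply: use RDP/IMM/RSA/CIMC/UCS KVM (or the host filters ICMP)"
    state = port_open(host, port)
    if state == "open":
        return "service reachable"
    return f"host up but port {port} is {state}: run 'ss -ltn' on the server"


def selftest() -> tuple:
    """Bind an ephemeral loopback port, probe it while listening and after
    closing it, so the open/closed distinction can be seen without a real server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = port_open("127.0.0.1", port)
    srv.close()
    after_close = port_open("127.0.0.1", port)
    return while_open, after_close


# Constructed `ss -ltn` output: SSH on all addresses, an assumed database
# port 50000 bound to loopback only (the "it runs but nobody can reach it" case).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:50000     0.0.0.0:*
LISTEN 0      4096   [::]:22             [::]:*
"""

if __name__ == "__main__":
    print(selftest())
    print("22 ->", listening_on(22, SAMPLE_SS))
    print("50000 ->", listening_on(50000, SAMPLE_SS))
    print("60000 ->", listening_on(60000, SAMPLE_SS))
```

The three outcomes of port_open map to three different next steps: 'closed' means the host answered with a reset, so the service is the problem; 'filtered' means something in the path (host firewall, ACL) dropped the SYN; 'open' with an application-level failure points at the service itself.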

Wireshark

Wireshark is a protocol analyzer with which you can capture and analyze the traffic on your network. It was written by Gerald Combs and first released in 1998. It is free and open source software. It was originally called Ethereal and was renamed because of a trademark issue.

Back in the day, to analyze network traffic, people hooked an oscilloscope up to the wire, captured the electrical waveform, converted it to binary and decoded it by hand.

On Linux and other Unix-like systems Wireshark uses the libpcap library, which tcpdump also uses. On Windows it uses the WinPcap driver (current releases ship with Npcap instead). libpcap or WinPcap sees every frame arriving at or leaving the NIC, and hands one copy to Wireshark while the other continues on to the network application.

It has a command line version called tshark, whose syntax is quite similar to tcpdump's. You can capture packets with tcpdump or tshark, save them to a file and load that file in Wireshark for analysis.
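The file that tcpdump -w, tshark -w and Wireshark exchange is the classic libpcap format, and it is small enough to write by hand. The following is an added example, not part of the original notes: it writes two constructed frames (an LLDP advertisement and an ARP request, both with made-up addresses) into a .pcap that Wireshark will open, and reads the file back, including the snaplen truncation that a short -s value causes.

```python
"""Added example, not from the original notes: minimal writer and reader for
the classic libpcap file format shared by tcpdump, tshark and Wireshark."""
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap
LINKTYPE_ETHERNET = 1


def write_pcap(path: str, packets: list, snaplen: int = 65535) -> None:
    """packets: list of (timestamp_seconds: float, frame: bytes).
    Frames longer than snaplen are truncated, exactly as tcpdump -s does."""
    with open(path, "wb") as f:
        # Global header: magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for ts, frame in packets:
            sec = int(ts)
            usec = int(round((ts - sec) * 1_000_000))
            data = frame[:snaplen]
            # Record header: ts_sec, ts_usec, captured length, original length
            f.write(struct.pack("<IIII", sec, usec, len(data), len(frame)))
            f.write(data)


def read_pcap(path: str) -> list:
    """Return [(timestamp, frame)]. Detects the writer's byte order from the
    magic and rejects pcapng or files cut off mid-record."""
    with open(path, "rb") as f:
        raw = f.read()
    if len(raw) < 24:
        raise ValueError("file too short for a pcap global header")
    magic = struct.unpack("<I", raw[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or corrupt)")
    _magic, _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack(end + "IHHiIII", raw[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unexpected link type {linktype}")
    packets, off = [], 24
    while off + 16 <= len(raw):
        sec, usec, incl, _orig = struct.unpack(end + "IIII", raw[off:off + 16])
        off += 16
        frame = raw[off:off + incl]
        if len(frame) != incl:
            raise ValueError("truncated packet record")   # e.g. capture killed mid-write
        packets.append((sec + usec / 1_000_000, frame))
        off += incl
    return packets


# Constructed frames: an LLDP advertisement (chassis MAC, port Gi1/0/1, TTL 120)
# and an ARP request for 192.168.1.1 from 192.168.1.10. Addresses are made up.
LLDP_FRAME = bytes.fromhex(
    "0180c200000e" "001122334455" "88cc"
    "0207" "04001122334455" "0408" "054769312f302f31" "0602" "0078" "0000")
ARP_FRAME = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806" "0001" "0800" "06" "04" "0001"
    "001122334455" "c0a8010a" "000000000000" "c0a80101")
SAMPLE_PACKETS = [(1700000000.5, LLDP_FRAME), (1700000000.75, ARP_FRAME)]


def roundtrip_demo(snaplen: int = 65535) -> list:
    """Write the sample packets to a temp file and read them back."""
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, SAMPLE_PACKETS, snaplen)
        return read_pcap(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    write_pcap("sample.pcap", SAMPLE_PACKETS)   # open this one in Wireshark
    for ts, frame in roundtrip_demo(snaplen=20):
        print(ts, len(frame), "bytes captured")
```

Writing your own pcap is handy for feeding a known frame into Wireshark or a detection pipeline when you cannot capture it live; reading it back with a strict parser also catches the half-written last record you get when a capture is interrupted.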

I took these notes while going through this introductory course on Wireshark at Pluralsight.